Cross Site Scripting Vulnerability in Modula Image Gallery by Patchstack
CVE-2026-42688

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Modula Image Gallery
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-42688?

An XSS vulnerability has been identified in versions of the Modula Image Gallery plugin prior to 2.14.23. This flaw allows attackers to inject malicious scripts into web pages viewed by users. By leveraging this vulnerability, attackers could potentially execute arbitrary code in the context of the user's session, compromising sensitive information and the overall security of the website. Site owners utilizing the affected versions are urged to update immediately to mitigate risks associated with this vulnerability.

Affected Version(s)

Modula Image Gallery <= 2.14.23

References

https://patchstack.com/database/wordpress/plugin/modula-b...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Apr 29, 2026

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program

CVE-2026-42688 Data

JSON